Lucene search

TenableVULNRICHMENT:CVE-2024-1891

HistoryJun 12, 2024 - 3:56 p.m.

CVE-2024-1891 Stored Cross Site Scripting

2024-06-1215:56:41

CWE-79

tenable

github.com

vulnerability

stored xss

tenable security center

web application

html code

cve-2024-1891

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

A stored cross site scripting vulnerability exists in Tenable Security Center where an authenticated, remote attacker could inject HTML code into a web application scan result page.

ADP Affected

[
  {
    "cpes": [
      "cpe:2.3:a:tenable:security_center:*:*:*:*:*:*:*:*"
    ],
    "vendor": "tenable",
    "product": "security_center",
    "versions": [
      {
        "status": "affected",
        "version": "0",
        "lessThan": "6.4.0",
        "versionType": "custom"
      }
    ],
    "defaultStatus": "affected"
  }
]

References

www.tenable.com/security/tns-2024-10

CVSS3

3.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N

AI Score

6.1

Confidence

High

EPSS

Percentile

14.7%

SSVC

Exploitation

none

Automatable

Technical Impact

partial

JSON

Related for VULNRICHMENT:CVE-2024-1891